Checklist for evaluating a logging solution
In case you need to evaluate an access logging solution, the following check list may be helpful:
- Overall quality of logged data: Does it provide enough detail and completeness for all of my use cases?
- Is the solution fully integrated into the SAP environment?
- Are there sufficient options for setting up filters on any level (from very broad to very detailed)?
- Can I maintain users in an inclusion / exclusion list?
- What are the costs and efforts for installation, implementation and operations (TCO)?
- Does it contain extensive reporting capabilities?
- Are there APIs available for exporting log records (e.g. to file system, central server, data warehouse, …)?
- Is it a server based solution or does it require installations on each frontend?
- Can the logged data be secured against deletion and changes (digital signature)?
- Is it possible to add alerting functionality (generation of e-mails / reports, workflows etc.)?
- Does it allow a periodical deletion of logged data, e.g. older than half year?
- Are there dedicated authorizations for accessing the log reports and the log configuration?
- Is it assured that viewed data is always written to the log file, even in extreme situations (Loss of network connection, system / network shutdown etc.)?
- Is archiving possible?